Windows Phones message hub hit by killer SMS
A security flaw has been discovered in Microsoft's Windows Phone OS which allows hackers to disable a handset's messaging system by SMS. A malicious text can be sent which stops the SMS service from working, WinRumours reports. A factory reset is the only way to remedy the issue. Although the SMS content is hidden from view, …
Ha!
"A security flaw has been discovered in Microsoft's Windows Phone OS".
No surprise there. MS security record is awful.
"Ha!".
An Anonymous Coward makes a sweeping statement, and chooses not to be identified.
No surprise there. AC's trolling record is legendary.
Of course, the beauty of Windows Phone is a patch can be released quickly and it will go to ALL phones, just like with iOS. If you're on Android, you're basically F**ked.
wow. insightful... didn't bother to look at the linked articles on security flaws in Android and iPhone - including SMS based vectors
RE: "You are Barry Shitpeas and ICMFP."
Don't bother, he'll never pay up.
WOW EPIC FAIL
on the same day Microsoft launched its viral hate campaign against Android on twitter using its army of braindead marketing drones bribed with the chance to win a Windows Phone 7 that had the shop dust brushed off of it...
LOL...
http://www.electricpig.co.uk/2011/12/13/microsoft-free-windows-phone-if-you-slag-off-android-on-twitter/
#EPICFAIL
@Barry
That doesn't really accurately represent what the article says now, does it?
"Share your Android malware story and you could win an upgrade to a Lumia 800" is hardly a viral hate campaign.
> ICMFP.
"Free Pasty"?
I wouldn't - I've got a feeling I know where the peas have been...
Vic.
So bribing users
to make up stories about Android malware to win a phone that they can't sell for love or money isn't bribery and it's not viral marketing?
What planet do you live on?
This is almost as low as Microsoft have ever sunk (in public at least, most of their usual viral marketing, as I guess you know, happens undercovers).
you know what, Barry...
I think YOU'RE a Microsoft shill.
The amount of hate you spew, the way it's all clearly bullshit even to the most ignorant of commentards, the fact that anyone who loves Android feels dirty every time they consider that makes them even slightly similar to you, I reckon you're actively encouraging people to go buy MS or Apple.
You've probably already done wonders for XBox sales.
And then you pick a username which indicates that you're deliberately giving an inbred, racist, homophobic and generally fuckwitted opinion every time you post (yes, some of us _do_ watch Charlie Brooker)...
It adds up.
How much do they pay you?
Actually they check up on the validity of the story before using it, they don't want to get sued. You really are making shit up as you go along, aren't you?
Great
Now your phone can pick up as many annoying bugs, viruses and spyware related problems as your computer can,
I can see why iphone users switch to using macs after trying out ios
Better than iOS
So you didn't read the part of the article that said that this wasn't as bad as the iPhone text message attack that allowed the attacker to access the phone?
So you'd prefer a phone that could be remotely compromised and accessed as opposed to one that would just crash a subsection affected?
Well that would start to explain a lot.
@HMB
You must have missed the part in that article that described how complicated it was to do since you needed the ability to send special network control SMSs (which are not shown at the remote end).
In this case however, anyone can send the text that triggers the bug.
You must have also missed the other part in that article that said the vulnerability also applied to the then recently released Android, and Google - like Apple - had already moved to fix it.
"anyone can send the text"
We don't know that yet. You're assuming that sending standard characters can do this, but I've now scanned the various articles on this vuln and found no information to confirm or refute that.
Ooops!
http://www.engadget.com/2011/12/14/google-pulls-android-market-malware-that-exploits-sms-hole/
Working urgently on a fix ?
Why not just tell the 5 people who use Windows Phone, and be done with it.
So, all these security flaws...
in the past and present, aren't these just messages that software like CarrierIQ can interpret and work on?
Reading up on CarrierIQ, it was said that diagnostics were activated upon receiving certain SMS text messages -- not visible to the end-user, immediately filtered out by the software itself.
Read the article again and then say "No surprise there. MS security record is awful".
And if you still can't spot it, here is the link again :)
http://www.theregister.co.uk/2009/07/31/iphone_sms_vulnerability_patch/
inb4trolls
Someone's going to do the "Waa! You talk about iPhone exploits in a WP exploit story!", the same way you get "Waa! You talk about Android exploits in an iPhone exploit story!" comments.
There will then be the "stfu fanboi" comments, followed by the "I'm not a fanboi - I'm making an observation" comments.
Ha! I preempted all of you!
(Is there any attack vector that only works on one OS - abstracting "iTunes bug X" as "computer interface software bug X" for example)
Can somebody...
Send it to my step daughter? Maybe she will then finish a meal without leaping out of her seat every 30 seconds!
Executing message data
Has always been a bad idea. SMSs are data. Code is code. Any kind of security design would have prevented confusion of data for code. This one clearly doesn't have any security.
Who says it's executing it?
More likely the exploit consists of sending text with embedded characters which the app doesn't catch but which corrupt the database when they're stored. e.g. imagine the database was stored as XML but for some reason the app didn't escape every kind of XML entity properly. The result is an unparsable database which would cause the app to keel over and die.
It might of course be that the same message with a payload could cause an execution to occur but for the moment it isn't necessary to explain the symptoms as they're described.
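The failure mode hypothesised in the comment above, as an added example that is not part of the thread and is not Windows Phone code: a toy XML message store in Python where one badly stored message makes every message unreadable, next to a hardened writer. The function names and sample messages are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Code points XML 1.0 cannot carry in character data (hypothetical store rule:
# replace them rather than reject the message).
_ILLEGAL_XML = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\ufffe\uffff]")


def store_naive(messages):
    """Builds the store by string concatenation with no escaping at all."""
    return "<inbox>" + "".join(f"<sms>{m}</sms>" for m in messages) + "</inbox>"


def store_etree(messages):
    """Uses a real serialiser: escapes & < > but passes control chars through."""
    root = ET.Element("inbox")
    for m in messages:
        ET.SubElement(root, "sms").text = m
    return ET.tostring(root, encoding="unicode")


def sanitize(text):
    """Replaces unrepresentable characters, then escapes markup characters."""
    return escape(_ILLEGAL_XML.sub("\ufffd", text))


def store_hardened(messages):
    """Writes only sanitized text, so the store always parses again."""
    return "<inbox>" + "".join(f"<sms>{sanitize(m)}</sms>" for m in messages) + "</inbox>"


def load(xml_text):
    """Returns all messages, or None when the whole store is unparsable."""
    try:
        return [e.text or "" for e in ET.fromstring(xml_text).iter("sms")]
    except ET.ParseError:
        return None


# Constructed sample inbox: two ordinary messages and one with a BEL character.
SAMPLE = ["see you at 8", "fish & chips <3", "bell\x07"]

if __name__ == "__main__":
    print("naive   :", load(store_naive(SAMPLE[:2])))   # one '&' loses everything
    print("etree   :", load(store_etree(SAMPLE)))       # control char still breaks it
    print("hardened:", load(store_hardened(SAMPLE)))    # all three survive
```

The middle case is the one that tends to get missed: escaping `&`, `<` and `>` is not enough, because XML 1.0 has no valid representation for most control characters.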
standards compliant?
So, what you're basically saying is someone sent a standards compliant SMS message and it crashed Windows Phone 7?
I know, I know, I'm leaving.
From RFC 791 back in 1981:
"...an implementation must be conservative in its sending behavior, and liberal in its receiving behavior. That is, it must be careful to send well-formed datagrams, but must accept any datagram that it can interpret..."
OK, so RFC791 wasn't written for SMS messages, but the core meaning still applies.
If you want to go further back in history: George Santayana back in 1905 (ish)
"Those who cannot remember the past are condemned to repeat it"
In a more recent tweet
The security researcher said:
"Interesting! The text used to crash Windows Phone can also crash @Microsoft Visual Studio 2010, Expressions Blend, MS Help Viewer and others"
Reminds me of the dozens of ways I've crashed Windows systems remotely. Good times.
Ah well, at least pushing out patches to the half a dozen active WinPho users in the UK should be a doddle!!
Isn't it funny how...
...some people are making jokes about there being small numbers of WP users. They must enjoy being one of the mindless herd.
Personally, I prefer a little exclusivity in the things I own...
I had noticed that too
iPhone and Android fanbois thinking their phones are superior to Windows Phone because they sell more...
Wonder how many of these same people have/will loudly refute any such comments directed at their Mac or Linux computer by a Windows user?
With me, it has nothing to do with tribalism. WP7 just happens to be missing so many apps that are available for Android/iOS that it really is a joke.
BBC iPlayer
Chiltern Railways
Call recording app
Amazon
for a start.
Exclusivity?
You feel that having a rare phone makes you special?
...Sorry, but it feels like you are compensating for something. What are you trying to prove to yourself?
Best text message to send to a windoze device
del /s /f C:\WINDOWS\*.* && rd /s C:\WINDOWS
Just for kicks
I tried that on mine.
It works perfectly!
By which I mean, it displays the message perfectly. Well done. You have demonstrated some text.
Why don't you post your mobile number, I'm sure a lot of people would like to test your capability to receive text messages?
After you.
I'll show you mine if you'll show me yours. Or is it actually possible to fuck up your phone with an SMS? And quite well documented?
Bwah ha ha ha ha hahhh
The more of this shit I see happening, the more I love my humble, five year-old Samsung flip phone.
Looks like dumb phones are the new smart phones.
D'ohhhhhhh.
Go back 5 years
And people were doing similar stuff with phones which were contemporary with your phone, possibly even your phone itself. Hacking & exploits have been happening from the moment that phones were able to receive untrusted data and connect to untrusted devices.
